Insightful analysis by consultants Steve Taylor and Jim Metzler, plus links to the latest WAN news headlines
Cloud computing and virtualization are rapidly changing the normal mode of operations for most companies. But this move also means that techniques used to secure your corporate information assets must evolve drastically. In particular, there is no longer a physical "perimeter" to guard. Instead, the information is distributed, and the security must be likewise distributed.
IT managers must adapt by implementing faster, smarter security measures that monitor the constantly changing global landscape. It's not exactly news, but it bears repeating: guarding and authenticating physical boundaries was formerly sufficient, but with the new level of virtualization, access authentication and control must become a primary concern.
Two recent papers by Cisco and Juniper do an excellent job of examining these new challenges in depth. The Juniper paper, "Dynamic Security for the New Network Data Center," makes the apt point that "To date, security in data centers has been applied primarily at the perimeter using firewalls, and at the server level by installing host-based intrusion detection, identity enforcement, antivirus, and other software agents. With virtualization, applications on the same host can communicate without accessing the physical network, thereby circumventing traditional firewalls and breaking zones of trust. Server-based security isn't scalable, doesn't encompass the range of network-attached devices in the data center, and presents major operational challenges. To protect today's data center, enterprises need a unified security layer operating dynamically across the heterogeneous and ever changing data center infrastructure."
Likewise, Cisco is offering a security architecture for "borderless networking." In its paper, the company examines the threats, the access points that are particularly vulnerable, and (of course) a series of steps for remediation.
As observed in the Cisco paper, "The threat landscape has changed. IT and security operations teams must combat an array of threats to the network infrastructure and simultaneously assure network access for all who need it. Many current and emerging threats take advantage of existing vulnerabilities, even though organizations can become distracted by emerging threats. It is important to focus time, energy, and resources on what is strategically, financially, and competitively most important to safeguard your organization and that means taking a close look at your entire security system."
We couldn't agree more with the information in these papers, and together they form an excellent tutorial. We recommend the papers and welcome your comments.
Read more about LANs & WANs in Network World's LANs & WANs section.
Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim Metzler is vice president of Ashton, Metzler & Associates.